Koha/t/db_dependent
Julian Maurice 43a4b3c22c Bug 20402: Implement OAuth2 authentication for REST API
It implements only the "client credentials" flow with no scopes
support. API clients are tied to an existing patron and have the same
permissions as the patron they are tied to.
API Clients are defined in $KOHA_CONF.

Test plan:
0. Install Net::OAuth2::AuthorizationServer 0.16
1. In $KOHA_CONF, add an <api_client> element under <config>:
     <api_client>
       <client_id>$CLIENT_ID</client_id>
       <client_secret>$CLIENT_SECRET</client_secret>
       <patron_id>X</patron_id> <!-- X is an existing borrowernumber -->
     </api_client>
2. Apply patch, run updatedatabase.pl and reload starman
3. Install Firefox extension RESTer [1]
4. In RESTer, go to "Authorization" tab and create a new OAuth2
   configuration:
   - OAuth flow: Client credentials
   - Access Token Request Method: POST
   - Access Token Request Endpoint: http://$KOHA_URL/api/v1/oauth/token
   - Access Token Request Client Authentication: Credentials in request
     body
   - Client ID: $CLIENT_ID
   - Client Secret: $CLIENT_SECRET
5. Click on the newly created configuration to generate a new token
   (which will be valid only for an hour)
6. In RESTer, set HTTP method to GET and url to
   http://$KOHA_URL/api/v1/patrons then click on SEND
   If patron X has permission 'borrowers', it should return 200 OK
   with the list of patrons
   Otherwise it should return 403 with the list of required permissions
   (Please test both cases)
7. Wait an hour (or run the following SQL query:
   UPDATE oauth_access_tokens SET expires = 0) and repeat step 6.
   You should have a 403 Forbidden status, and the token must have been
   removed from the database.
8. Create a bunch of tokens using RESTer, make some of them expire
   using the previous SQL query, and run the following command:
     misc/cronjobs/cleanup_database.pl --oauth-tokens
   Verify that expired tokens were removed, and that the others are
   still there
9. prove t/db_dependent/api/v1/oauth.t

[1] https://addons.mozilla.org/en-US/firefox/addon/rester/

Signed-off-by: Josef Moravec <josef.moravec@gmail.com>
Signed-off-by: Tomas Cohen Arazi <tomascohen@theke.io>

Signed-off-by: Jonathan Druart <jonathan.druart@bugs.koha-community.org>
2018-05-08 15:55:42 -03:00
..
Acquisition Bug 20144: [sql_modes] Add default value for export_basket.description in tests 2018-02-13 13:58:57 -03:00
api/v1 Bug 20402: Implement OAuth2 authentication for REST API 2018-05-08 15:55:42 -03:00
Auth
Authority Bug 14769: Put ControlledIndicators to work 2018-04-12 10:50:35 -03:00
Biblio Bug 20126: Add simple test for ModBiblioMarc 2018-02-02 12:08:42 -03:00
Circulation Bug 20562: Fix Returns.t test 2018-04-19 16:26:51 -03:00
Creators Bug 20144: [sql_modes] Remove useless ORDER BY clauses in tests 2018-02-13 13:58:59 -03:00
data
Exporter Bug 18201: Tidy tests 2017-12-21 13:21:12 -03:00
Holds Bug 4319: (QA follow-up) Consistency in IsAvailableForItemLevelRequest 2018-02-13 13:02:23 -03:00
Illrequest Bug 7317: Remove traces of UnmediatedILL 2017-11-09 11:42:16 -03:00
Items Bug 20144: [sql_modes] Remove ORDER BY clause for COUNT(*) in GetItemsForInventory 2018-02-13 13:59:00 -03:00
Koha Bug 19855: Move getalert, addalert and delalert to Koha::Subscription 2018-04-23 14:22:15 -03:00
Labels Bug 18292: Remove return 1 statements in tests 2017-08-15 12:17:42 -03:00
LDAP
Letters Bug 19578: Remove MARC punctuation in notices (TT syntax) 2018-04-04 15:45:43 -03:00
Members Bug 20531: (follow-up) Set the timestamps to the same value to get a correct order 2018-05-07 12:22:44 -03:00
OAI Bug 20665: Units tests for testing MySQL connection time zone 2018-05-03 12:46:55 -03:00
Patron Bug 20503: Prevent Borrower_PrevCheckout.t to fail randomly 2018-03-30 13:15:16 -03:00
Record
Reports Bug 20144: [sql_modes] Fix values when creating a sql report in tests 2018-02-13 13:59:00 -03:00
Reserves Bug 19437: (followup) Rearrange CancelExpiredReserves tests - fix typos 2017-10-09 13:47:02 -03:00
Search Bug 20144: [sql_modes] Fix search history tests 2018-02-13 13:59:00 -03:00
selenium Bug 20045: Fix Selenium tests 2018-03-27 12:03:51 -03:00
Serials Bug 20144: [sql_modes] Add default value for subscription_numberpatterns.description in tests 2018-02-13 13:59:00 -03:00
SIP Bug 18625: (QA follow-up) Unit tests 2018-04-11 16:45:10 -03:00
Template/Plugin Bug 19655: Add tests 2017-11-26 12:59:31 -03:00
Utils Bug 18292: Remove return 1 statements in tests 2017-08-15 12:17:42 -03:00
www Bug 18336: Full stack tests for supplemental UTF-8 chars 2018-02-16 17:53:42 -03:00
XSLT_Handler
00-strict.t Bug 18055: (QA followup) Only print output if DEBUG 2018-03-28 15:53:12 -03:00
01-test_dbic.t
Accounts.t Bug 2696: (QA follow-up) Add more test, move to subtest 2018-04-24 14:01:48 -03:00
Acquisition.t Bug 17457: Add tests for each marc flavour 2018-03-23 11:45:38 -03:00
AdditionalField.t Bug 20144: [sql_modes] Add default value for subscription_numberpatterns.description in tests 2018-02-13 13:58:53 -03:00
Amazon.t
ArticleRequests.t Bug 18403: Article requests 2018-02-12 15:41:41 -03:00
AudioAlerts.t
Auth.t Bug 20489: Prevent DB user login 2018-04-20 12:24:00 -03:00
Auth_with_cas.t Bug 19373: Update tests 2017-10-16 09:38:41 -03:00
Auth_with_ldap.t Bug 18292: Remove return 1 statements in tests 2017-08-15 12:17:42 -03:00
AuthorisedValues.t
AuthoritiesMarc.t
BackgroundJob.t
Barcodes.t
Barcodes_ValueBuilder.t Bug 18292: Remove return 1 statements in tests 2017-08-15 12:17:42 -03:00
Biblio.t Bug 9701: (follow-up) Adjust tests 2018-04-12 10:50:34 -03:00
Bookseller.t Bug 20144: [sql_modes] Fix date format in tests 2018-02-13 13:58:50 -03:00
Breeding.t
Budgets.t Bug 18999: (QA followup) ModReceiveOrder expects a hashref 2017-09-29 13:03:38 -03:00
Calendar.t Bug 9031: (QA follow-up) Final changes to Calendar::days_between 2017-10-27 14:09:04 -03:00
Charset.t
check_kohastructure.t Bug 19783: Move check_kohastructure.t to db_dependent 2018-01-19 15:13:56 -03:00
check_sysprefs.t
Circulation.t Bug 20721: (bug 19403 follow-up) Prevent Circulation.t to fail randomly 2018-05-07 13:15:34 -03:00
ClassSource.t
Clubs.t Bug 18292: Remove return 1 statements in tests 2017-08-15 12:17:42 -03:00
ColumnsSettings.t
Context.t Bug 19788: Add a test 2017-12-22 13:15:37 -03:00
Contract.t
CourseReserves.t
db_structure.t Bug 18292: Remove return 1 statements in tests 2017-08-15 12:17:42 -03:00
DecreaseLoanHighHolds.t Bug 19705: Try to fix random failures from DecreaseLoanHighHolds.t 2018-01-23 17:01:29 -03:00
default_search_class.pl
Filter_MARC_ViewPolicy.t Bug 18292: Remove return 1 statements in tests 2017-08-15 12:17:42 -03:00
Fines.t
FrameworkPlugin.t Bug 20204: Add TestBuilder to replace CPL branch 2018-02-15 11:15:53 -03:00
Heading_MARC21.t
Hold.t Bug 18382: Add a test 2018-04-02 18:07:57 -03:00
Holds.t Bug 19766: (bug 19058 follow-up) Fix Preview routing slip 2017-12-07 09:37:01 -03:00
HoldsQueue.t Bug 19059: Move C4::Reserves::CancelReserve to Koha::Hold->cancel 2017-09-12 12:42:58 -03:00
Holidays.t Bug 18292: Remove return 1 statements in tests 2017-08-15 12:17:42 -03:00
Illrequestattributes.t Bug 7317: (followup) Make tests independent of data on the DB 2017-11-09 11:42:15 -03:00
Illrequests.t Bug 7317: (QA followup) Rename 'branch' for 'library' 2017-11-09 11:42:16 -03:00
ILSDI_Services.t Bug 12001: Move GetMemberAccountBalance to Koha::Account->non_issues_charges 2018-02-23 10:57:30 -03:00
ImportBatch.t Bug 19049: [QA Follow-up] Mock config, default format 2017-08-15 12:17:42 -03:00
Installer.t
Items.t Bug 18816: (QA follow-up) Convert param to hashref, fix typo 2018-04-06 14:51:15 -03:00
Items_DelItemCheck.t Bug 18292: Remove return 1 statements in tests 2017-08-15 12:17:42 -03:00
KitchenSinkPlugin.kpz
Koha.t Bug 20144: [sql_modes] Correct quotes.timestamp values in tests 2018-02-13 13:58:54 -03:00
Koha_Authority.t
Koha_Database.t
Koha_Elasticsearch.t Bug 19581: Fix Koha_Elasticsearch.t 2018-04-09 17:44:20 -03:00
Koha_Elasticsearch_Indexer.t Bug 19581: Unit tests 2018-04-09 16:15:18 -03:00
Koha_Misc_Files.t Bug 18292: Remove return 1 statements in tests 2017-08-15 12:17:42 -03:00
Koha_SearchEngine_Elasticsearch_Search.t Bug 19564: (QA follow-up) Make commented out tests pass 2018-03-28 16:05:10 -03:00
Languages.t
Letters.t Bug 19855: Move getalert, addalert and delalert to Koha::Subscription 2018-04-23 14:22:15 -03:00
LibraryGroups.t Bug 18403: Add new method Koha::Library::Group->has_child 2018-02-12 15:41:37 -03:00
Linker_FirstMatch.t
Log.t Bug 18991: [QA Follow-up] Use schema txn_begin and txn_rollback 2017-07-28 11:23:40 -03:00
MarcModificationTemplates.t Bug 19069: Fix 'does not match' behaviour in MARC modification template 2017-10-27 14:09:01 -03:00
Members.t Bug 20590: Fix Members.t 2018-04-20 10:17:49 -03:00
MungeMarcPrice.t
NewsChannels.t
Overdues.t
Passwordrecovery.t Bug 20474: Mimick Letters.t 2018-03-27 12:21:44 -03:00
PatronLists.t Bug 18292: Remove return 1 statements in tests 2017-08-15 12:17:42 -03:00
Patrons.t Bug 9302: (QA follow-up) Consistency follow-up 2018-04-20 13:34:41 -03:00
Plugins.t Bug 20181: Unit tests 2018-04-06 14:51:37 -03:00
QueryParser.t Bug 18292: Remove return 1 statements in tests 2017-08-15 12:17:42 -03:00
Record.t Bug 20097: (follow-up) Add a unit test 2018-03-19 13:54:50 -03:00
RecordProcessor_EmbedSeeFromHeadings.t
RefundLostItemFeeRule.t Bug 18292: Remove return 1 statements in tests 2017-08-15 12:17:42 -03:00
Reports.t
Reserves.t Bug 19301: Remove C4::Reserves::OnShelfHoldsAllowed 2018-02-13 13:36:00 -03:00
rollingloans.t Bug 18797: Create the biblioitem entry 2018-03-26 17:31:17 -03:00
RotatingCollections.t Bug 16735: Migrate library search groups into the new hierarchical groups 2018-02-12 15:41:25 -03:00
Search.t Bug 19873: Add unit tests 2018-04-20 13:34:41 -03:00
Serials.t Bug 20144: [sql_modes] Add default value for subscription_numberpatterns.description in tests 2018-02-13 13:58:56 -03:00
Serials_2.t
Service.t
ShelfBrowser.t Bug 19047: Fix AddBiblio call in ShelfBrowser.t 2017-08-10 16:25:32 -03:00
Sitemapper.t Bug 17770: Perltidy 2017-12-21 13:09:16 -03:00
Stats.t Bug 20510: Remove unused sub TotalPaid from C4::Stats 2018-04-05 14:17:36 -03:00
SuggestionEngine_ExplodedTerms.t Bug 17989: (QA follow-up) Replace bad dots in SuggestionEngine_ExplodedTerms.t 2017-11-01 13:10:18 -03:00
Suggestions.t Bug 13287: (QA follow-up) Extend Suggestions.t for DelSuggestionsOlderThan 2018-02-26 13:24:45 -03:00
sysprefs.t
Tags.t
Templates.t Bug 17989: Include full path logic in _get_template_file 2017-11-01 13:10:17 -03:00
TestBuilder.t Bug 19985: Make TestBuilder.t pass even if default_circ_rules is not empty 2018-01-23 16:05:54 -03:00
Upload.t Bug 20081: Set inline headers for uploaded pdfs 2018-03-26 17:31:17 -03:00
UsageStats.t Bug 20264: Remove syspref checkdigit 2018-03-23 11:45:38 -03:00
Virtualshelves.t Bug 20144: [sql_modes] Shorten values for virtualshelfshares.invitekey in tests 2018-02-13 13:58:57 -03:00
XISBN.t Bug 20321: Remove get_biblionumber_from_isbn 2018-03-19 13:55:47 -03:00
XSLT_Handler.t Bug 17807: Add format parameter to XSLT_Handler->transform 2017-08-30 15:06:40 -03:00
zebra_config.pl